SignedJwtAssertionCredentials on AppEngine doesn't recognize PEM key

Question

SignedJwtAssertionCredentials on appengine (with pycrypto 2.6) doesn't support the PKCS12 format, therefore I'm trying to use PEM keys instead, as suggested everywhere..

this is my code:

  f = file(os.path.join(os.path.dirname(__file__), KEY_FILE), "r")
  key = f.read()
  f.close()

  credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key,
      scope="https://www.googleapis.com/auth/drive"
  http = httplib2.Http()
  http = credentials.authorize(http)

and the KEY_FILE is a PEM key, converted with the command:

openssl pkcs12 -in privatekey.p12 -nodes -nocerts > privatekey.pem

but I still get this error, as if it didn't recognize that's a PEM key:

NotImplementedError: PKCS12 format is not supported by the PyCrpto library. 
Try converting to a "PEM" (openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) or using PyOpenSSL if native code is an option.

same error if I pass just the filename to the constructor (without reading the contents of the file)

any idea?

Answer 1

Yeah, the error is hugely misleading. What you're doing is fine; just remove the header from the PEM file so that it begins with -----BEGIN PRIVATE KEY-----, or run the following command over it:

openssl pkcs8 -nocrypt -in privatekey.pem -passin pass:notasecret -topk8 -out pk.pem